Block's Cash App experienced a massive data breach affecting more than 8 million of its users last year in December.
Block confirms that the data breach involves a former employee of the company who downloaded reports from Cash App containing some U.S. customer information.
Cash App is a peer-to-peer payment app owned by Block, previously known as Square.
Block's Cash App Breach
Block's Cash App breach became public on April 4 due to the company's filing with the Securities and Exchange Commission (SEC). The filing stated that the hacking of the former employee occurred on December 10.
As reported by TechCrunch, the SEC filing states, "While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended."
The data hacked on Cash App users varies differently. The breached data includes users' full names, brokerage account numbers, brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day.
In addition, Block stated that the information accessed by the threat actor is only personal identification data, like names, and no other type of information was hacked beyond that.
Block clarified that the usernames or passwords, Social Security numbers, payment card information, or addresses of Cash App users were not affected.
The Cash App data breach also does not affect customers residing outside of the United States.
The U.S. SEC filing states: "The reports did not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information. They also did not include any security code, access code, or password used to access Cash App accounts. Other Cash App products and features (other than stock activity) and customers outside of the United States were not impacted."
Block Investigates Cash App Breach
Block and Cash App is now under scrutiny as people are wondering how a previous employee still has access to the Cash App database even after the person was no longer in the company at the time of the hacking. However, Block did not comment further on the incident.
Block, Cash App, and the SEC filing did not say how many users were affected by the data breach. Although Cash App stated it will be contacting approximately 8.2 million current and former customers about the incident.
Along with its discovery of the breach, which took place four months after it occurred, the company has launched an internal investigation and has informed the appropriate regulatory authorities and law enforcement agencies of the situation. It also intends to send out an email to all 8.2 million customers who were affected by the data breach.
According to a statement provided to TechCrunch and CNET, Danika Owsley, Cash App spokesperson said: "At Cash App we value customer trust and are committed to the security of customers' information...Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information."